At the moment pointers returned by bpf_rdonly_cast() have type
"pointer to btf id", and only casts to structure types are allowed.
Access to memory pointed to by returned pointers is done through
BPF_PROBE_{MEM,MEMSX} instructions and does not produce errors on
invalid memory access.
This patch-set extends bpf_rdonly_cast() to allow casts to an
equivalent of 'void *', effectively replacing bpf_probe_read_kernel()
calls in situations when access to individual bytes or integers is
necessary.
The mechanism was suggested and explored by Andrii Nakryiko in [1].
To help with detecting support for this feature 'enum bpf_features' is
added with intended usage like below:
if (bpf_core_enum_value_exists(enum bpf_features,
BPF_FEAT_RDONLY_CAST_TO_VOID))
...
[1] https://github.com/anakryiko/linux/tree/bpf-mem-cast
Eduard Zingerman (4):
bpf: allow void* cast using bpf_rdonly_cast()
bpf: add bpf_features enum
selftests/bpf: allow tests from verifier.c not to drop CAP_SYS_ADMIN
selftests/bpf: check operations on untrusted ro pointers to mem
kernel/bpf/verifier.c | 79 ++++++++--
.../selftests/bpf/prog_tests/verifier.c | 19 ++-
.../bpf/progs/verifier_mem_rdonly_untrusted.c | 136 ++++++++++++++++++
3 files changed, 216 insertions(+), 18 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/verifier_mem_rdonly_untrusted.c
--
2.47.1
